As part of a project recently I was asked to run a report against a customer’s environment with hundreds of Azure VMs. We wanted to retrieve all of their VMs and their corresponding operating systems. Easy using PowerShell, right? It turns out no, it is not as easy as expected at all. This was to…
Migrating from Azure Automation Run-as Accounts to Managed Identities
Microsoft have announced that on October 1st, 2023 Azure Automation Run-as accounts will be retired and no longer work. This means that all Azure Automation scripts using Run-as accounts for authentication will stop working on this date. During recent testing I’ve noticed that all new Azure Automation accounts created after April 1st, 2023 can…
Azure Virtual WAN
Azure Virtual WAN is a Microsoft-managed network service deployed to Azure. It provides a lot of functionality, including: It is intended to simplify the configuration of VPN/ExpressRoute/SD-WAN connectivity and provide easy-to-deploy hub and spoke topologies with no complex routing tables or VNet peering config. At the time of writing, it also supports Azure Firewall or…
Azure Stack Hub Operator Associate AZ-600 Exam Study Guide
Having recently been working on a project to deploy Azure Stack Hub, I thought it a good opportunity to study for the Microsoft cert for Azure Stack Hub, the AZ-600: Azure Stack Hub Operator Associate. The Azure Stack Hub certification was released back in 2018 as a 70-537: Configuring and Operating a Hybrid Cloud with…
Azure Disk Encryption Key Copy using Azure Automation
In Azure, all virtual machine disks are encrypted at rest. This means that the VM disk files are on an encrypted physical disk in the Azure data centre. This won’t prevent a disk being downloaded as a VHD using Azure Storage Explorer however, as the disk will become unencrypted when downloaded. See https://docs.microsoft.com/en-us/azure/virtual-machines/disks-use-storage-explorer-managed-disks To add…
Connecting Hub and Spoke Topologies in Azure
In a previous post here I detailed how to deploy a single-region hub and spoke network topology in Azure. However, most deployments in Azure have a requirement for high availability, meaning multiple hub and spoke topologies in different Azure regions. Deploying and connecting the two hub and spoke topologies is a complicated process so I…
Network Security Group Best Practices
Time and time again I’ve seen Network Security Groups configured incorrectly, misunderstood or sometimes completely omitted! The intention of this post is to clear up some of the confusion and to define some network security group best practices. What are Network Security Groups (NSGs)? NSGs are a method in Azure networking to filter network traffic….
Deploying a Hub & Spoke Network Architecture in Azure
Hub and spoke network architectures are an increasingly adopted topology in Azure, and I tend to recommend them to customers who are new to Azure, are above a certain size (medium – enterprise) and require hybrid connectivity to on-premises or other clouds. Advantages: Cost effective for hybrid connectivity, being able to connect multiple VNets using one…
Using Azure Policy to Implement Tagging Inheritance
Azure tagging can be incredibly useful. It can be used to classify different Azure resources as well as providing a method for cost analysis outside the normal scopes of management groups, subscriptions and resource groups. However, for tagging to be effective, all resources need to be tagged. Very often I’ve seen tags have been missed…